Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left...
A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to...
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a...
Grafana security advisory (AV26-710)
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026. "The malware is...
Universities have long supported national security through research, education and workforce development. But Auburn University leaders say the scale and speed of today’s challenges require...
ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks...
Long foretold, the Great Patching has begun and it’s a doozy. Buckle in as Joe takes you through the story.
Newly documented stealer ClickLock comes for the more trusting Mac user with spot of social engineering
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive...
Officials accused three Russian nationals, Media Land and ML.Cloud of supporting cyberattacks spanning 21 U.S. states and other countries, resulting in losses surpassing $62 million. The post...
Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click "Buy Now" instead. Ask a coding assistant to apply a maintainer's fix from a GitHub...
An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor...
“Age checks are a cornerstone of the UK’s online safety laws,” said Ofcom’s Chief Executive, Melanie Dawes. “Too many services have no or inadequate age checks in place, which is not good enough.”
Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read...
JetBrains security advisory (AV26-709)
Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across the same AWS region: watch the camera, drive the robot,...
Sentencing bookends the biggest cybercrime conviction in UK history
In recent months, mounting opposition to AI has given rise to a surge of violent rhetoric, threats against people and property, and a serious attempt at harm. The phenomenon has executives at tech...
Daniel Solove argues in the Wall Street Journal (alternate link) that giving people control of their personal data is not an effective way to regulate privacy in this era. Instead, we need to hold...
The Air Force for the first time successfully fired an air-to-air missile from a new jet-powered combat drone built by defense company Anduril. The recent test, the Air Force said, is an important...
The ability of the United States to fight in and through space has disproportionately magnified the effectiveness of U.S. military forces. However, this advantage has been eroding as China ramps...
Cyber weapons have long been described as strategic instruments of statecraft. In practice, they have almost always been tactical in their application. Attackers have struggled to predict the...
OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed...
Chinese analysts have closely followed Russia’s cyber offensive against Ukraine, drawing a series of lessons about how the People’s Republic of China (PRC) can better prepare for cyber warfare....
Written by: Jules Czarniak Introduction As highlighted in the Mandiant M-Trends 2026 report, the mean time-to-exploit (TTE) has dropped to -7 days, meaning vulnerabilities are often exploited a...
Rather than verifying they are human, the CAPTCHA users are instructed to copy and paste a PowerShell command into their Windows computers.
Splunk security advisory (AV26-708)
You're browsing a legitimate small business website. Before the page loads, a familiar Cloudflare box appears: "Verify you are human." It asks you to open Terminal, paste a code, and press Enter....
One in six machines still run the old OS as migration stalls and patch deadlines creep closer
We identified targeted infection attempts against large Russian organizations using the ViPNet update system (a software suite for creating secure networks).
Zoom security advisory (AV26-707)
Zoom has released security updates for a critical security flaw impacting Zoom Workplace for Windows that could facilitate account takeover. The vulnerability, tracked as CVE-2026-53412 (CVSS...
t.me borked for a day until platform proved it had no ties to service favored by cybercriminals
Two-phase attacks with the GoSerpent backdoor, Stowaway RAT, ThumbcacheService and other tools aim to steal data from government entities in Southeast Asia.
Four Microsoft SharePoint Server vulnerabilities are under active exploitation, prompting CISA to issue a hardening alert. An additional high-severity flaw recently patched adds pressure for...
Cyber threats no longer stop at the network perimeter. Today, attackers target brands wherever they have a digital presence, websites, social media, mobile apps, email, cloud platforms, and even...
Humans can no longer keep up with the volume and velocity of security data on their own, but AI can't be fully trusted. David discusses the merits of both and muses on what the future might look like.
Cisco Talos is disclosing UAT-11795, a sophisticated, Russian-speaking, financially motivated adversary that has been conducting a malicious campaign targeting users in the U.S. and Europe since...
Attack using previously unseen ransomware payload occurred in June 2026. The skill of its operators suggests wider campaigns may follow.
Using the admin password, you could be anyone and see anything
Agentic AI use is exploding, yet most security teams are building agents in isolation. Tenable is hosting Swarm, a build event at Black Hat 2026, for security practitioners to create and...
It’s possible to leak PII describing 5.7 million people without breaching privacy rules
The Colonel stops taking online orders and may close stores after logistics partner’s systems go down
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance...
Explore how Iran utilized AI to enhance its asymmetric playbook during the 2026 conflict. Learn how AI acts as a force multiplier for Iranian cyber operations, influence campaigns, and domestic...
A large-scale credential theft campaign exploiting CVE-2025-54068, a critical unauthenticated remote code execution vulnerability in Laravel Livewire v3. Attackers used PHP deserialization to...